Supported Protocols

You can choose whether to require viewers to use HTTPS to communicate with CloudFront and whether CloudFront uses HTTPS to communicate with your
custom origin. If you require HTTPS, you can also choose the protocols that viewers, CloudFront, and your origin use to communicate.

Protocol between viewers and CloudFront

To choose whether to require HTTPS between viewers and CloudFront, specify the applicable value for
Viewer Protocol Policy.

To choose whether you want viewers and CloudFront to communicate by using TLSv1.0 or later, or by using
the less secure SSLv3 protocol, specify the applicable value for
Minimum SSL Protocol
Version.

Important

CloudFront only supports viewer requests using SSLv3 and TLSv1.0, 1.1, and 1.2.

Supported Ciphers

Viewers can send HTTPS requests to CloudFront using the following ciphers. With the exception of RC4-MD5, all ciphers are
supported whether you selected SSLv3 or TLSv1.0 as the value for
Minimum SSL Protocol
Version.
A viewer must support at least one of these ciphers to establish an HTTPS connection with CloudFront.
If you're using an SSL/TLS certificate in AWS Certificate Manager, a viewer must support one of the *-RSA-* ciphers.
CloudFront chooses a cipher in the following order from among the ciphers that the viewer supports:

CloudFront forwards HTTPS requests to the origin server by using the following ciphers. Your origin server must support at least
one of these ciphers for CloudFront to establish an HTTPS connection to your origin.